

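Completely removing Xunlei's (迅雷) xlwfp service hidden in the kernel

This Xunlei service is not visible in Services.msc and not visible in sc query either; it can only be seen in the registry. I found the xlwfp service by analyzing kernel modules. I don't know whether Xunlei is doing something bad in the background. Otherwise, why would it set the two parameters NoUseClass and NoDisplayClass in the registry?

Below is the bat file I made; anyone who needs it can use it as a reference.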

::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: On Windows, get past UAC (request elevation) first
::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
@ECHO off

CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
CLS
ECHO.
ECHO **************************************
ECHO Please Note:
ECHO You must click Yes on the upcoming User Account Control pop-up window
ECHO to give this update privileges to run.
ECHO **************************************
PAUSE
if '%1'=='ELEV' (shift & goto gotPrivileges)  
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B

:gotPrivileges

setlocal & pushd .
::::::::::::::::::::::::::::::::::::::::::::::::::::::
::Unlock UAC Done
::::::::::::::::::::::::::::::::::::::::::::::::::::::
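:: Remove the xlwfp service entry
sc delete xlwfp
:: Delete the driver binary (path quoted in case %SystemRoot% contains spaces)
del "%SystemRoot%\System32\Drivers\xlwfp.sys"
:: Remove the device class key from both control sets
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{9FB5F2D4-203E-41D2-932F-6DE145F9756C}" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9FB5F2D4-203E-41D2-932F-6DE145F9756C}" /f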
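
A read-only PowerShell audit to run before the batch file, added here as an example and not part of the original post: it lists driver keys that exist in the registry but are not reported through WMI, then checks the service name, driver path and class GUID taken from the post. That NoUseClass and NoDisplayClass are values under that class key is an assumption.

```powershell
# Added example: read-only audit; run from an elevated PowerShell prompt.
$name     = 'xlwfp'                                   # service name from the post
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{9FB5F2D4-203E-41D2-932F-6DE145F9756C}'
$sysFile  = Join-Path $env:SystemRoot "System32\Drivers\$name.sys"

# 1. Driver-type service keys in the registry (Type 1 = kernel, 2 = file system driver).
$regDrivers = Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.Type -in 1, 2) {
        [pscustomobject]@{
            Name      = $_.PSChildName
            Start     = $p.Start
            ImagePath = $p.ImagePath
        }
    }
}

# 2. Drivers that the Service Control Manager reports through WMI.
$scmNames = @(Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object Name)

# 3. Registry-only entries: present as a key, not reported by WMI.
$regOnly = @($regDrivers | Where-Object { $_.Name -notin $scmNames })
"Driver keys in registry but not reported by WMI: $($regOnly.Count)"
$regOnly | Format-Table -AutoSize

# 4. The specific artifacts the batch file removes.
[pscustomobject]@{
    ServiceKey = Test-Path (Join-Path $svcRoot $name)
    DriverFile = Test-Path $sysFile
    ClassKey   = Test-Path -LiteralPath $classKey
} | Format-List

if (Test-Path $sysFile) {
    # Signer and hash, to record before the file is deleted.
    Get-AuthenticodeSignature -FilePath $sysFile | Format-List Status, SignerCertificate
    Get-FileHash -Path $sysFile -Algorithm SHA256 | Format-List Hash
}
if (Test-Path -LiteralPath $classKey) {
    # Assumption: NoUseClass / NoDisplayClass are values of this class key.
    Get-ItemProperty -LiteralPath $classKey |
        Select-Object Class, NoUseClass, NoDisplayClass | Format-List
}
```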




Last updated: 2017-05-12 11:35:42
